On Tue, Jan 10, 2006 at 05:39:06PM +0100, DrumFire wrote:
| bugreport number 137:
|
| http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=137
|
| is not yet close. If you have access on a OpenBSD system,
| you can hangup it using this command:
|
| while true; do grep pippo /dev/zero & done
|
| Why, this bug is yet open? Everyone can crash my OpenBSD server,
| if have a simple shell. There's some sysctl to modidy, to avoid
| this problem?
Funny you should mention that - I tried that just two hours ago in a
discussion with a coworker. It doesn't crash my system. It becomes
pretty slow after spawning 83 processes because it's eating memory
(and swap) like cake. Swapping is what makes the system go slow.
After I log in as root and kill the shell that started all this
nonsense, I can continue working as normal.
To prevent your users from doing this, tell them not to. This can be
somewhat enforced by putting your users in a separate loginclass which
has a limited amount of memory and processes available. Read up on
login.conf(5).
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
[demime 1.01d removed an attachment of type application/pgp-signature]
